Reverse proxy and security..

[Sly870]

Hello all,

Something been on my mind for quite a while is security, security and security!
I currently have my RaPi 4 with my home assistant exposed a on a single port, currently the only thing exposed but I would like to expose my OpenVPN as well. Just a few questions:

1) Would it be wise to expose my NAS to the WWW and run reverse proxy on that and then direct traffic to OpenVPN and HA appropriately via 2 subdomains?
2) Where is a cheap but reliable place in the UK to buy a domain name that allows SSL and subdomains so I don't need to rely on DDNS/DuckDNS/NoIP etc?
3) With OpenVPN, how is that more secure by connecting to that then opening my NAS compared to just having a specific port for what I need open? Is it just another layer or does it actually add some security (apologies for the very stupid question!) ?

 

[Rusty]

1) as long as you have it hardened enough why not

2) Dreamhost? Cloudflare as well

3) it depends what system is on a custom port. With vpn you always have to authenticate, you can dictate encryption being used. On the other hand it depends also do you mean incoming or outgoing vpn in this case?

 

[one-eyed-king]

To extend point 03) VPN Solutions are widely used and designed for security - usualy you have two-way tls auth when the connection is establishing, before you even enter the credentials. I am not sure if it would be a fair comparison with a website/portal that can be miss configured or even run potentialy exploitable code,

 

[Rusty]

a VPN or a proxy server?

Are we talking when you are away from your lan and want access to them, or protect the traffic going from within your lan to the Internet?